Re: SSH through port forwarding
On Fri, Dec 28, 2007 at 12:19:44PM -0800, Brian wrote:
> Chad Perrin wrote:
> >On Tue, Dec 18, 2007 at 05:44:11AM -0500, Gerard Seibert wrote:
> >
> >>>On December 18, 2007 at 12:47AM sham khalil wrote:
> >>>
> >>>once you open port 22 to public ip, you'll get people try to bruteforce
> >>>your machine.
> >>>if you don't want that set sshd to listen to a higher number like 5522
> >>>then forward port 5522 from the router to the internal machines.
> >>>
> >>>unfortunately for wrt54g, you can't forward port 5522 to 22 for internal
> >>>machine.
> >>>
> >>Security through obscurity is a poor substitute for security. Port
> >>scanners will eventually find that port also.
> >>
> >
> >One needs something else for security against brute-force attempts, but
> >changing the port number does help cut down on the amount of bandwidth
> >consumption on the LAN side of your router by allowing the router to
> >ignore/deny all incoming traffic on port 22.
> >
> Has denyhosts been considered?

It has been considered (and used) by me -- but I have no idea about the
OP.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Larry Wall: "A script is what you give the actors. A program is what you
give the audience."
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

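What a DenyHosts-style tool does with the sshd log, as an added example that is not part of the thread and not code from DenyHosts: count failed logins per source address and emit hosts.deny entries. The log lines are constructed, and the threshold of 3 and the allow list are assumptions of this sketch.

```python
import re
from collections import Counter

# Constructed sample in the format sshd writes to auth.log; the addresses are
# from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Dec 18 05:40:01 gw sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec 18 05:40:03 gw sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec 18 05:40:06 gw sshd[815]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Dec 18 05:40:08 gw sshd[816]: Failed password for invalid user x from 198.51.100.20 from 203.0.113.7 port 40121 ssh2
Dec 18 05:41:10 gw sshd[820]: Failed password for andy from 198.51.100.20 port 51515 ssh2
Dec 18 05:41:18 gw sshd[820]: Accepted password for andy from 198.51.100.20 port 51515 ssh2
Dec 18 05:42:00 gw sshd[830]: Failed password for invalid user test from 192.0.2.99 port 33001 ssh2
"""

# The user name is attacker-supplied text, so take the address from the END of
# the line; the greedy ".*" swallows any " from <ip>" embedded in the name
# (fourth sample line) and the count goes to the real source address.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for .* from (\S+) port \d+ ssh2")

def hosts_to_deny(log_text, threshold=3, allow=()):
    """Return hosts.deny lines for addresses with >= threshold failed logins.

    `allow` lists addresses that are never blocked, e.g. the one you
    administer the machine from.
    """
    failures = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(1)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            failures.pop(m.group(1), None)  # a real login clears the count
    return [f"sshd: {ip}" for ip, n in sorted(failures.items())
            if n >= threshold and ip not in allow]

if __name__ == "__main__":
    print("\n".join(hosts_to_deny(SAMPLE_LOG)))
```

This works the same whether sshd listens on 22 or 5522, which is the point made in the thread: the port change reduces noise, the lockout is the actual defence.
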
Re: SSH through port forwarding
Chad Perrin wrote:
>On Tue, Dec 18, 2007 at 05:44:11AM -0500, Gerard Seibert wrote:
>
>>>On December 18, 2007 at 12:47AM sham khalil wrote:
>>>
>>>once you open port 22 to public ip, you'll get people try to bruteforce
>>>your machine.
>>>if you don't want that set sshd to listen to a higher number like 5522
>>>then forward port 5522 from the router to the internal machines.
>>>
>>>unfortunately for wrt54g, you can't forward port 5522 to 22 for internal
>>>machine.
>>>
>>Security through obscurity is a poor substitute for security. Port
>>scanners will eventually find that port also.
>>
>
>One needs something else for security against brute-force attempts, but
>changing the port number does help cut down on the amount of bandwidth
>consumption on the LAN side of your router by allowing the router to
>ignore/deny all incoming traffic on port 22.
>
Has denyhosts been considered?

Brian

Re: SSH through port forwarding
On Tue, Dec 18, 2007 at 06:02:18AM +, Pollywog wrote:
>
> Make sure the ISP is not blocking port 22. If they block it, you will need
> to change the SSH port in sshd_config and then set the router to forward the
> port to the server's internal IP address. It's a good idea to change the
> port anyway, in order not to be obvious to script kiddies.

You shouldn't have to change the port on which SSH listens on the FreeBSD
machine. Just set up the router to forward from the higher port number on
incoming requests to port 22 on the internal machine. It should be less
work that way.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
MacUser, Nov. 1990: "There comes a time in the history of any project when
it becomes necessary to shoot the engineers and begin production."

Re: SSH through port forwarding
On Tue, Dec 18, 2007 at 05:44:11AM -0500, Gerard Seibert wrote:
> > On December 18, 2007 at 12:47AM sham khalil wrote:
> >
> > once you open port 22 to public ip, you'll get people try to bruteforce your
> > machine.
> > if you don't want that set sshd to listen to a higher number like 5522
> > then forward port 5522 from the router to the internal machines.
> >
> > unfortunately for wrt54g, you can't forward port 5522 to 22 for internal
> > machine.
>
> Security through obscurity is a poor substitute for security. Port scanners
> will eventually find that port also.

One needs something else for security against brute-force attempts, but
changing the port number does help cut down on the amount of bandwidth
consumption on the LAN side of your router by allowing the router to
ignore/deny all incoming traffic on port 22.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Marvin Minsky: "It's just incredible that a trillion-synapse computer could
actually spend Saturday afternoon watching a football game."

Re: SSH through port forwarding
> Security through obscurity is a poor substitute for security. Port scanners
> will eventually find that port also.
>
> Have you checked to see if a firewall is set up that could be blocking the
> port?
>

Not a thorough check, but my father did turn off the firewall system on that
Linksys router. I believe he checked some box that basically opened up
everything. I'm expecting that it's more likely what someone else said
earlier that the ISP may be blocking it. I say this for two reasons:

1) When a connection attempt is made, the error I get is a time out not a
   refusal to connect. No pun intended but that smells, or should I say
   sniffs, of a firewall.
2) On a different system that I help build here in Boise, I'm getting the
   same problem when we set it up at my friend's house.

Andy

-- 
A: Because it messes up the order in which people normally read text.
Q: Why is it such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?

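The time-out versus refusal distinction drawn in the message above can be checked mechanically. This is an added example, not part of the thread: it classifies one TCP connection attempt and confirms from the banner that the forwarded port really lands on sshd. The local stand-in server and its banner are constructed so the block runs offline; the verdict names are this sketch's own.

```python
import socket
import threading

def classify_error(exc):
    """Translate a failed connect() into what it implies about the path."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"   # no answer at all: something drops the packets
    if isinstance(exc, ConnectionRefusedError):
        return "refused"    # RST came back: host reachable, nothing listening
    return "error"          # DNS failure, no route, and so on

def probe_ssh(host, port, timeout=5.0):
    """Return (verdict, banner) for one TCP connection attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            try:
                banner = conn.recv(255).decode("ascii", "replace").strip()
            except (socket.timeout, TimeoutError):
                banner = ""
    except OSError as exc:
        return classify_error(exc), ""
    # sshd speaks first with an "SSH-" identification string; anything else
    # means the forward points at a different service.
    return ("ssh" if banner.startswith("SSH-") else "open-not-ssh"), banner

def start_fake_sshd(banner=b"SSH-2.0-Constructed_Example\r\n"):
    """Constructed stand-in for sshd on 127.0.0.1; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def unused_port():
    """Pick a local port with no listener (bind, read the number, close)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    print(probe_ssh("127.0.0.1", start_fake_sshd()))  # forward reaches sshd
    print(probe_ssh("127.0.0.1", unused_port()))      # reachable, port closed
```

Run against the router's public address from outside the LAN, "filtered" on port 22 but "ssh" on a high port points at upstream blocking, while "refused" points at the forward or at sshd itself.
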
Re: SSH through port forwarding
> On December 18, 2007 at 12:47AM sham khalil wrote:

> On Dec 18, 2007 12:08 PM, Bill Campbell <[EMAIL PROTECTED]> wrote:
>
> > On Mon, Dec 17, 2007, Andrew Falanga wrote:
> > >Hi,
> > >
> > >I'm having a difficult time working with my father to get the port
> > >forwarding working on his Linksys router to forward SSH requests to his
> > >FreeBSD machine at home. As near as we can figure, it's setup correctly.
> > >In case anyone here uses this router it is WRT54G and details (including a
> > >users manual) can be found at,
> > >http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&pagename=Linksys%2FCommon%2FVisitorWrapper&cid=1149562300349.
> > >
> > >Now, I'm in Idaho and he's in NY (which does make things difficult). Is
> > >there any special tricks to setting up port forwarding for SSH? Probably
> > >should have checked this first, but I'm going to go look on the handbook
> > >too, just to see.
> >
> > It should Just Work(tm). I don't have one of those handy, but
> > port forwarding is generally under the Advanced tab Linksys
> > routers. It may be called Games or something like that. Forward
> > port 22, ssh, to the internal IP and save the settings.
> >
> > Generally one should have a fixed internal IP for forwarding as
> > DHCP assigned IP addresses may change.
> >
>
> once you open port 22 to public ip, you'll get people try to bruteforce your
> machine.
> if you don't want that set sshd to listen to a higher number like 5522
> then forward port 5522 from the router to the internal machines.
>
> unfortunately for wrt54g, you can't forward port 5522 to 22 for internal
> machine.

Security through obscurity is a poor substitute for security. Port scanners
will eventually find that port also.

Have you checked to see if a firewall is set up that could be blocking the
port?

-- 
Gerard

Re: SSH through port forwarding
On Dec 18, 2007 12:08 PM, Bill Campbell <[EMAIL PROTECTED]> wrote:

> On Mon, Dec 17, 2007, Andrew Falanga wrote:
> >Hi,
> >
> >I'm having a difficult time working with my father to get the port
> >forwarding working on his Linksys router to forward SSH requests to his
> >FreeBSD machine at home. As near as we can figure, it's setup correctly.
> >In case anyone here uses this router it is WRT54G and details (including a
> >users manual) can be found at,
> >http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&pagename=Linksys%2FCommon%2FVisitorWrapper&cid=1149562300349.
> >
> >Now, I'm in Idaho and he's in NY (which does make things difficult). Is
> >there any special tricks to setting up port forwarding for SSH? Probably
> >should have checked this first, but I'm going to go look on the handbook
> >too, just to see.
>
> It should Just Work(tm). I don't have one of those handy, but
> port forwarding is generally under the Advanced tab Linksys
> routers. It may be called Games or something like that. Forward
> port 22, ssh, to the internal IP and save the settings.
>
> Generally one should have a fixed internal IP for forwarding as
> DHCP assigned IP addresses may change.
>

once you open port 22 to public ip, you'll get people try to bruteforce your
machine.
if you don't want that set sshd to listen to a higher number like 5522
then forward port 5522 from the router to the internal machines.

unfortunately for wrt54g, you can't forward port 5522 to 22 for internal
machine.

sham khalil

Re: SSH through port forwarding
Make sure the ISP is not blocking port 22. If they block it, you will need to
change the SSH port in sshd_config and then set the router to forward the
port to the server's internal IP address. It's a good idea to change the
port anyway, in order not to be obvious to script kiddies.

Re: SSH through port forwarding
On Mon, Dec 17, 2007, Andrew Falanga wrote:
>Hi,
>
>I'm having a difficult time working with my father to get the port
>forwarding working on his Linksys router to forward SSH requests to his
>FreeBSD machine at home. As near as we can figure, it's setup correctly.
>In case anyone here uses this router it is WRT54G and details (including a
>users manual) can be found at,
>http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&pagename=Linksys%2FCommon%2FVisitorWrapper&cid=1149562300349.
>
>Now, I'm in Idaho and he's in NY (which does make things difficult). Is
>there any special tricks to setting up port forwarding for SSH? Probably
>should have checked this first, but I'm going to go look on the handbook
>too, just to see.

It should Just Work(tm). I don't have one of those handy, but
port forwarding is generally under the Advanced tab Linksys
routers. It may be called Games or something like that. Forward
port 22, ssh, to the internal IP and save the settings.

Generally one should have a fixed internal IP for forwarding as
DHCP assigned IP addresses may change.

Bill
-- 
INTERNET: [EMAIL PROTECTED]         Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/      PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186                 Mercer Island, WA 98040-0820; (206) 236-1676

there is nothing more difficult to take in hand, more perilous to
conduct, or more uncertain in its success, than to take the lead in the
introduction of a new order of things. Because the innovator has for
enemies all those who have done well under the old conditions, and
lukewarm defenders in those who may do well under the new.
    -- Machiavelli

SSH through port forwarding
Hi,

I'm having a difficult time working with my father to get the port
forwarding working on his Linksys router to forward SSH requests to his
FreeBSD machine at home. As near as we can figure, it's set up correctly.
In case anyone here uses this router it is WRT54G and details (including a
user's manual) can be found at,
http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&pagename=Linksys%2FCommon%2FVisitorWrapper&cid=1149562300349.

Now, I'm in Idaho and he's in NY (which does make things difficult). Are
there any special tricks to setting up port forwarding for SSH? Probably
should have checked this first, but I'm going to go look on the handbook
too, just to see.

Andy

-- 
A: Because it messes up the order in which people normally read text.
Q: Why is it such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?